myserver-configuration/roles/gitlab/templates/docker-compose.yml


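# Docker Compose template (rendered by Jinja) for a GitLab CE instance and a
# GitLab Runner, published through Traefik via container labels.
# Template variables read here: server.domain, server.work_dir and
# loki_push_password.
version: '3'
services:
  gitlab:
    # NOTE(review): ':latest' is a floating tag, so each pull may change the
    # GitLab version that runs. Pin a specific release tag or image digest so
    # upgrades are deliberate and reproducible.
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: unless-stopped
    environment:
      # Ruby configuration passed to Omnibus GitLab. The bundled nginx listens
      # on plain HTTP port 80 for both GitLab and the registry; the Traefik
      # routers declared in the labels below carry tls=true, and the forwarded
      # headers tell GitLab that the external scheme is https.
      # NOTE(review): gitaly cgroups memory_bytes is 500000 (about 0.5 MB);
      # confirm that this is the intended limit.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.{{ server.domain }}'
        gitlab_rails['lfs_enabled'] = true
        gitlab_rails['gitlab_shell_ssh_port'] = 22
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['proxy_set_headers'] = {
          'X-Forwarded-Proto' => 'https',
          'X-Forwarded-Ssl' => 'on',
          'Host' => 'gitlab.{{ server.domain }}'
        }
        registry['enable'] = true
        registry_external_url 'https://registry.{{ server.domain }}'
        registry_nginx['listen_port'] = 80
        registry_nginx['listen_https'] = false
        puma['worker_processes'] = 0
        sidekiq['max_concurrency'] = 10
        gitlab_rails['env'] = {
          'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
        }
        gitaly['configuration'] = {
          concurrency: [
            {
              'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
              'max_per_repo' => 3,
            }, {
              'rpc' => "/gitaly.SSHService/SSHUploadPack",
              'max_per_repo' => 3,
            },
          ],
          cgroups: {
            repositories: {
              count: 2,
            },
            mountpoint: '/sys/fs/cgroup',
            hierarchy_root: 'gitaly',
            memory_bytes: 500000,
            cpu_shares: 512,
          },
        }
        gitaly['env'] = {
          'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000',
          'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
        }
    volumes:
      # Templated values are quoted so that an empty or oddly shaped expansion
      # still renders as a YAML string.
      - '{{ server.work_dir }}/gitlab/data/:/var/opt/gitlab/'
      - '{{ server.work_dir }}/gitlab/config/:/etc/gitlab/'
      - '{{ server.work_dir }}/gitlab/logs/:/var/log/gitlab/'
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    networks:
      - proxy
      - interne
      - metrics
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy
      # HTTP Reverse proxy Gitlab
      - traefik.http.routers.gitlab-secure.entrypoints=https
      - 'traefik.http.routers.gitlab-secure.rule=Host(`gitlab.{{ server.domain }}`)'
      - traefik.http.routers.gitlab-secure.tls=true
      - traefik.http.routers.gitlab-secure.tls.certresolver=sslResolver
      - traefik.http.routers.gitlab-secure.service=gitlab
      - traefik.http.services.gitlab.loadbalancer.server.port=80
      # HTTP Reverse proxy Registry
      - traefik.http.routers.gitlab-registry-secure.entrypoints=https
      - 'traefik.http.routers.gitlab-registry-secure.rule=Host(`registry.{{ server.domain }}`)'
      - traefik.http.routers.gitlab-registry-secure.tls=true
      - traefik.http.routers.gitlab-registry-secure.tls.certresolver=sslResolver
      - traefik.http.routers.gitlab-registry-secure.service=gitlab-registry
      - traefik.http.services.gitlab-registry.loadbalancer.server.port=80
      # TCP SSH Reverse proxy Gitlab
      - 'traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`*`)'
      - traefik.tcp.routers.gitlab-ssh.entrypoints=ssh
      - traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh
      - traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=22
    logging:
      driver: loki
      options:
        # The push password is no longer stored in the template.
        # loki_push_password is a variable introduced by this change: define it
        # in an Ansible Vault-encrypted vars file. The value that was committed
        # here before should be treated as exposed and rotated, since it stays
        # in the repository history. The urlencode filter keeps reserved
        # characters such as '@' or ':' in a rotated password from breaking the
        # URL. The rendered URL is still visible in the container's log
        # configuration, so keep that account limited to pushing logs.
        loki-url: "https://lokidoki:{{ loki_push_password | urlencode }}@loki.mrdev023.fr/loki/api/v1/push"
        mode: non-blocking
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    container_name: gitlab-runner
    restart: unless-stopped
    depends_on:
      - gitlab
    volumes:
      - '{{ server.work_dir }}/gitlab/runner/:/etc/gitlab-runner/'
      # NOTE(review): mounting the Docker socket gives the runner, and any CI
      # job allowed to use it, control of the host's Docker daemon, which is
      # effectively root on the host. Restrict which projects may use this
      # runner, or isolate it on a dedicated host.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - interne
    logging:
      driver: loki
      options:
        # Same vault-backed secret as the gitlab service's Loki log driver.
        loki-url: "https://lokidoki:{{ loki_push_password | urlencode }}@loki.mrdev023.fr/loki/api/v1/push"
        mode: non-blocking
networks:
  # Network created by this compose project with default settings.
  interne: {}
  # Networks created outside this file and joined by the gitlab service.
  metrics:
    external: true
  proxy:
    external: true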